PMASA-2008-5

Announcement-ID: PMASA-2008-5

Date: 2008-07-15

Updated: 2008-07-16

Summary

XSRF/CSRF for creating a database and modifying user charset

Description

We received an advisory from Aung Khant (YGN Ethical Hacker Group), and we wish to thank him for his work. A logged-in user, if abused into clicking a crafted link or loading an attack page, would create a database he did not intend to, or would change his connection character set.